Understanding the Book of Dead API Design
The Book of Dead slot API is a REST-based service that uses JSON for exchanging and accepting data. Built for high uptime, it keeps players involved even during heavy periods like major football matches. The design splits the game logic server from the client-side display. This split assures that outcomes, like reel stops and bonus triggers, are random and handled securely on the backend.
In a typical integration, your platform is the client. It initiates sessions and sends player actions. An API gateway receives these requests and channels them to the right game service. For UK operators, this system supports the audit trails and data isolation the Gambling Commission requires. Grasping this sequence aids with debugging and introducing custom features like tournaments or special promotions.
The API is stateless. Every request must carry its own authentication and context. This method supports scalability and reliability, letting the service to handle traffic spikes. To maintain things seamless for users, even with network problems, you should include retry logic and connection pooling on your end.
Authentication and Secure Session Setup
Safety comes first. The Book of Dead API uses OAuth 2.0 client credentials for authorisation. You must have a unique `client_id` and `client_secret` from the provider. All exchange happens over HTTPS, with a bearer token placed in the `Authorization` header. Since this token runs out, your code must renew it automatically to avoid breaking a player’s session.
To start a game session, send a POST request to `/session/start`. The payload needs the player’s unique ID (linked to your system), their currency (GBP), and language preference. For UK compliance, you must also include the player’s current session ID from your responsible gambling tools. This allows the game connect with timeout and limit capabilities. The response gives you a `game_session_token` for all further calls.
We use strict IP whitelisting for server-to-server calls from UK operators. Also, every spin and financial transaction gets a digital signature. Your integration must verify these signatures with our public key to confirm data hasn’t been changed. This step is vital for legal UK operation and protects both you and the player from interference.
Main Gameplay Endpoints: Spin and Result
The main endpoint for play is `/game/spin`. A POST request to this endpoint executes a single spin at the player’s chosen stake. The request should include the `game_session_token`, the `stake` in GBP, and an optional `feature_buy` flag if you offer that. Your system should confirm the player has sufficient funds before calling the API, as the API does not manage wallet balances.
The spin response returns a detailed JSON object. It holds a `reel_stops` array displaying each reel’s position and a `symbols_matrix` for your client to render. The `winning_lines` array describes any payline wins, showing the line number, symbol, and payout. Importantly, it informs you if the Free Spins bonus round started, which occurs when three or more Book scatter symbols show up anywhere.
For the UK market, the response features required compliance fields. These comprise a `spin_timestamp` in UTC, a distinct `round_id` for audits, and the `total_payout`. You are required to store this data permanently for UKGC reporting and any customer disputes. A good practice is to log it in real-time as soon as you obtain the response, so nothing is lost.
Managing the Bonus Spins Reward and Expanding Symbol
When the Free Spins feature starts, a separate process begins. The first base game spin response signals the trigger. Your client then requests `/bonus/initiate` with the `round_id` from that spin. This provides the bonus data: how many free spins were granted and, most significantly, the randomly picked `expanding_symbol` for this round.
The Expanding Symbol is what renders Book of Dead engaging. During free spins, one standard symbol turns into an expanding wild. If this symbol lands, it expands to fill the whole reel, generating bigger wins. The API reply for each free spin clearly states if an expansion took place and the win rate that followed. Your graphic should demonstrate this spread clearly to reflect the game’s layout and what players expect.
You carry out each free spin with a command to `/bonus/spin`. The sequence proceeds until all given spins are exhausted. The API monitors the bonus round status, so you only require to transmit the `bonus_round_id`. Wins add up, and the total is awarded at the conclusion. Your user interface should display the count of free spins left and the active expanding symbol, ensuring the player informed.
Payment Integration and Reporting of Transactions
Accuracy of finances is critical. The Book of Dead API does not process real money. It only computes win amounts. Your platform must remove the stake before calling the spin endpoint, then apply the winnings after you obtain and verify the result. This requires solid, atomic transaction logic on your backend to avoid race conditions or balance errors.
All money values in the API are in GBP, with two decimal places. The `payout` value in the response is the net win for that spin (the total win minus the stake). You allocate this amount to the player’s balance. UK operators also need to track `total_stake` and `total_wins` per player session to calculate Gross Gambling Yield for regulatory reports.
We provide a `/transactions/history` endpoint for reconciliation. You can query it with a date range or a specific `round_id` to pull a signed record of all transactions. UK licensees typically conduct a daily reconciliation with this data. It verifies that your financial records match with the provider’s logs, building a clear audit trail.
Error Management and Compliance for the UK Market
Proper error handling ensures stability. The API utilizes standard HTTP status codes along with a specific `error_code` and `message` in the response body. Common errors include `INSUFFICIENT_BALANCE` (which you should handle before the request), `SESSION_EXPIRED`, and `BET_LIMIT_EXCEEDED`. Your code must handle these smoothly, perhaps by sending the player to a deposit page or explaining a limit breach, following UK responsible gambling rules.
UK-specific compliance errors demand attention. If a player’s self-exclusion or timeout activates during a game, the API might return a `PLAYER_SUSPENDED` error. Your integration must halt the game session right away and redirect the player to a protected, non-gambling part of your site. Recording these events for your compliance team is mandatory. The same applies for age verification failures; gameplay must halt immediately.
Think about using a circuit breaker pattern for API calls. If you experience several timeouts or server errors (5xx statuses) in a row, your system should stop trying and fail gracefully, maybe displaying a maintenance message. This improves the user experience and prevents your servers from overloading. Configure monitoring to warn your tech team if 4xx or 5xx error rates rise, so they can diagnose quickly.
Trialing and Modeling in a Isolated Environment
Never go live without comprehensive testing in the sandbox. This environment mirrors the live API but uses test money and won’t impact real finances. You’ll get sandbox-only `client_id` and `client_secret` credentials. It lets you simulate the whole player experience, from signing up and depositing to playing and withdrawing, so you can resolve any edge cases.
UK developers should focus on key test scenarios. Replicate the bonus round trigger often to check the Expanding Symbol animation works. Test large wins to confirm your balance updates and any manual review processes work. You must also test how your integration works with responsible gambling tools, like sending a timeout signal to verify gameplay stops properly. This is a legal requirement.
The sandbox also includes tools to force specific outcomes, like triggering a bonus or a losing spin. This is very useful for building and testing features like game history logs, bonus buy options, and your own promotional messages. Build a thorough automated test suite for these scenarios. Run it consistently, especially before you update your platform or when a new API version is released.